The WatchGuard Firebox T80 operates as an MSP-focused security platform that simplifies every aspect of security to make enterprise-grade security accessible to midmarket organizations. WatchGuard focuses on flexible integrations that seamlessly layer complex security services and assemble network traffic payloads. Sufficient protection against today’s digital threat landscape sometimes requires multiple services working together. WatchGuard combats this complexity with a product that allows for straightforward purchasing, configuration, deployment and centralized management. Firebox T80 also automates many processes and integrates well with other products, maximizing efficiency while reducing cost.
This UTM product offers many unique features. The Botnet Detection controls outbound command and detection, cross-referencing traffic against a blacklist of IP addresses previously associated with botnet command and control attacks. WebBlocker filters web content and administrators may leverage the impressive 120 categories within WebBlocker to configure rules. Three other mechanisms, Gateway Antivirus (GAV), IntelligentAV and APT Blocker, work in concert to protect against malware. GAV detects and analyzes signatures and IntelligentAV analyzes files to detect malicious content. Those that successfully pass through GAV and IntelligentAV then proceed to APT Blocker, a cloud sandboxing service, for detonation and final assessment.
The product has an easy-to-navigate interface and offers simple reporting and threat correlation. The main dashboard displays an overview of all the general information one expects to see in a next-gen firewall, such as alerts and device status. However, several other dashboards translate complex data into actionable information that let analysts identify threats proactively. The Executive Dashboard reveals important traffic information, including geo-location and URL categories. The Security Dashboard lets security teams drill into events easily for more information regarding identified users and the sites these users have attempted to access. Administrators may also easily adjust their timelines and view all events occurring within a specific timeframe to gain valuable, at-a-glance insight into network activity.
This product offers multiple out-of-the-box reporting options, including pre-defined compliance reports. The Search Engine Report lets administrators inspect encrypted traffic and ensure that clients have installed the appropriate certificates. Security teams may also decrypt, inspect and re-encrypt traffic, a vital component of proactive malware and DLP threat detection. The graph shown on the Device Health dashboard indicate changes in loss, latency and jitter over time. Because administrators have the freedom to define latency and jitter within their platform, this Device Health graph helps teams determine whether to switch lines and failover from one connection to another.
Overall, security pros will find WatchGuard Firebox T80 an easy-to-use UTM product that offers fast performance and extensive visibility at an affordable price. Although we don't consider it a weakness of the product by any means, we would like to see a more comprehensive catalog of integration services in the future. WatchGuard offersclear ways to see into network events on the firewall as well as various reporting options and threat correlations that, in turn, give valuable, actionable information to the security teams of mid-sized organizations.
The appliance costs $1,445 and because WatchGuard aims for maximum customer and partner satisfaction, this price includes one year of industry-leading 24/7 phone, email and website support, both pre- and post-sale. Customers have access to a FAQ list and a knowledgebase with thorough, easily searchable documentation. Additional support options are available for a fee.
Written by Katelyn Dunn
Tested by Tom Weil